1 |
<?php |
2 |
require_once("style/std/stdwpstyle.inc"); |
3 |
//---------------------------------------------------------------------------------------------------- |
4 |
//Copyright (c) 2003, 2018 David T. Ashley. |
5 |
// |
6 |
//Permission is hereby granted, free of charge, to any person obtaining a copy |
7 |
//of this software and associated documentation files (the "Software"), to deal |
8 |
//in the Software without restriction, including without limitation the rights |
9 |
//to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
10 |
//copies of the Software, and to permit persons to whom the Software is |
11 |
//furnished to do so, subject to the following conditions: |
12 |
// |
13 |
//The above copyright notice and this permission notice shall be included in all |
14 |
//copies or substantial portions of the Software. |
15 |
// |
16 |
//THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
17 |
//IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
18 |
//FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
19 |
//AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
20 |
//LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
21 |
//OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
22 |
//SOFTWARE. |
23 |
//---------------------------------------------------------------------------------------------------- |
24 |
// |
25 |
function do_header(&$style) |
26 |
{ |
27 |
$style->static_page_header_title_std("HTPASSWD-Style Hashed Password Generator", |
28 |
"<i>htpasswd</i>-Style Hashed Password Generator", |
29 |
""); |
30 |
echo "<p align=\"center\"><b><font size=\"3\">(This cgi-bin form generates password hashes which are \n"; |
31 |
echo "understood by the <i>Apache</i> web server in directory access files and also by \n"; |
32 |
echo "the <i>CVS</i> version control system when such entries are placed in the \n"; |
33 |
echo "<i>CVSROOT/passwd</i> file. The algorithm used is the standard DES algorithm with \n"; |
34 |
echo "randomly selected two-character salt. To use this password hash generator, \n"; |
35 |
echo "you must normally paste the output into an <i>Apache</i> directory access file or into \n"; |
36 |
echo "the <i>CVSROOT/passwd</i> file of a <i>CVS</i> repository.)</font></b></p>\n"; |
37 |
$style->static_page_hrule_std(); |
38 |
echo "<p align=\"center\"><font size=\"3\" color=\"#FF0000\"><b>WARNING:</b> The username and "; |
39 |
echo "password you choose are "; |
40 |
echo "transmitted over the network to the server unencrypted and can be intercepted. "; |
41 |
echo "Use this utility "; |
42 |
echo "at your own risk.</font></p>\n"; |
43 |
$style->static_page_hrule_std(); |
44 |
} |
45 |
|
46 |
function do_footer(&$style) |
47 |
{ |
48 |
$style->static_page_footer_std(); |
49 |
} |
50 |
|
51 |
function do_form($Buttontext) |
52 |
{ |
53 |
echo "<form method=post action=\"index.php\" width=\"100%\">\n"; |
54 |
echo "<table align=\"center\">\n"; |
55 |
echo "<tr>\n"; |
56 |
echo " <td width=\"10%\">\n"; |
57 |
echo " <p align=\"right\"><b>Username</b> (required):</td>\n"; |
58 |
echo " <td width=\"12%\"><p align=\"left\"><input type=\"text\" name=\"Username\" size=\"30\"></p></td>\n"; |
59 |
echo " </tr>\n"; |
60 |
echo " <tr>\n"; |
61 |
echo " <td width=\"10%\">\n"; |
62 |
echo " <p align=\"right\"><b>Password</b> (required):</td>\n"; |
63 |
echo " <td width=\"12%\"><p align=\"left\"><input type=\"Password\" name=\"Password\" size=\"30\"></p></td>\n"; |
64 |
echo " </tr>\n"; |
65 |
echo " <tr>\n"; |
66 |
echo " <td width=\"20%\" colspan=\"2\">\n"; |
67 |
echo " <p align=\"center\"><input type=\"submit\" value=\""; |
68 |
echo $Buttontext; |
69 |
echo "\" name=\"B1\" style=\"margin-top: 12\"></td>\n"; |
70 |
echo " </tr>\n"; |
71 |
echo "</table>\n"; |
72 |
echo "</form>\n"; |
73 |
} |
74 |
|
75 |
function do_err_msg($Err_msg) |
76 |
{ |
77 |
echo "<p align=\"center\"><b><font color=\"#FF0000\">"; |
78 |
echo $Err_msg; |
79 |
echo "</font></b></p>\n"; |
80 |
} |
81 |
|
82 |
function random_salt() |
83 |
{ |
84 |
//There are 64 possible values for each salt character, a-z, A-Z, 0-9, ., and /. |
85 |
//Can easily generate a suitably random value. |
86 |
$Matchstring = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"; |
87 |
$Rand1 = rand(0,63); |
88 |
$Rand2 = rand(0,63); |
89 |
return(Substr($Matchstring, $Rand1, 1) . Substr($Matchstring, $Rand2, 1)); |
90 |
} |
91 |
|
92 |
//Main script begins here. |
93 |
// |
94 |
// |
95 |
$style = new StdWpStyle; |
96 |
//Assign the current style in force. Also, starts the CPU |
97 |
//usage clock. |
98 |
|
99 |
//Do the header unconditionally. The header is always used on this page. |
100 |
do_header($style); |
101 |
// |
102 |
if (isset($_POST['Username'])) |
103 |
$Username = $_POST['Username']; |
104 |
// |
105 |
if (isset($_POST['Password'])) |
106 |
$Password = $_POST['Password']; |
107 |
|
108 |
//Load up a few variables based on what username and password values were supplied. |
109 |
if (isset($Username) && isset($Password)) |
110 |
{ |
111 |
$Usernamelen = strlen($Username); |
112 |
$Usernamevalid = 1; |
113 |
for ($i=0; $i<$Usernamelen; $i++) |
114 |
{ |
115 |
$Curchar = Substr($Username, $i, 1); |
116 |
$Ord = ord($Curchar); |
117 |
if (! |
118 |
( |
119 |
($Ord >= ord("A") && $Ord <= ord("Z")) |
120 |
|| |
121 |
($Ord >= ord("a") && $Ord <= ord("z")) |
122 |
|| |
123 |
($Ord >= ord("0") && $Ord <= ord("9")) |
124 |
) |
125 |
) |
126 |
{ |
127 |
$Usernamevalid = 0; |
128 |
} |
129 |
} |
130 |
|
131 |
$Passwordlen = strlen($Password); |
132 |
$Passwordvalid = 1; |
133 |
for ($i=0; $i<$Passwordlen; $i++) |
134 |
{ |
135 |
$Curchar = Substr($Password, $i, 1); |
136 |
$Ord = ord($Curchar); |
137 |
if (! |
138 |
( |
139 |
($Ord >= ord("A") && $Ord <= ord("Z")) |
140 |
|| |
141 |
($Ord >= ord("a") && $Ord <= ord("z")) |
142 |
|| |
143 |
($Ord >= ord("0") && $Ord <= ord("9")) |
144 |
|| |
145 |
($Ord == ord("/")) |
146 |
|| |
147 |
($Ord == ord(".")) |
148 |
) |
149 |
) |
150 |
{ |
151 |
$Passwordvalid = 0; |
152 |
} |
153 |
} |
154 |
|
155 |
} |
156 |
// |
157 |
//There are a few cases to break into here, and this affects the overall layout of the page. |
158 |
//The header and footer are fixed, but the "guts" will change. |
159 |
if (!isset($Username) || !isset($Password)) |
160 |
{ |
161 |
//In this case, we are probably visiting the form for the first time, and have not done a submit. |
162 |
//Just display the form itself. |
163 |
do_form("Click To Generate Hashed Password"); |
164 |
} |
165 |
elseif ($Usernamelen < 1 || !$Usernamevalid) |
166 |
{ |
167 |
//The user name is suspicious. Must flag it. |
168 |
do_err_msg("The <i>Username</i> you supplied is not valid. User names must contain at least one character and may consist only of lower-case and upper-case letters and digits. Please try again."); |
169 |
$style->hrule_std(); |
170 |
do_form("Click To Generate Hashed Password"); |
171 |
} |
172 |
elseif ($Passwordlen < 2 || !$Passwordvalid) |
173 |
{ |
174 |
//The password is suspicious. Must flag it. |
175 |
do_err_msg("The <i>Password</i> you supplied is not valid. Passwords must contain at least two characters and may consist only of lower-case and upper-case letters and digits and the \"/\" and \".\" characters. Please try again."); |
176 |
$style->static_page_hrule_std(); |
177 |
do_form("Click To Generate Hashed Password"); |
178 |
} |
179 |
else |
180 |
{ |
181 |
//Username and password seem within minimums. Should be clear to generate hashed password. |
182 |
$Hashedpwd = crypt($Password, random_salt()); |
183 |
echo "<p align=\"left\">The hashed username/password is:</p>\n"; |
184 |
echo "<p align=\"left\"><font size=\"5\"> <b>"; |
185 |
echo $Username; |
186 |
echo ":"; |
187 |
echo $Hashedpwd; |
188 |
echo "</b></font></p>\n"; |
189 |
echo "<p align=\"left\">You may paste this value directly into an <i>Apache</i> directory \n"; |
190 |
echo "access file or <i>CVS</i> <i>CVSROOT/passwd</i> file. Note that if the period (\".\") \n"; |
191 |
echo "character or other punctuation appears as the last character(s) of the hash above, \n"; |
192 |
echo "it <i>is</i> part of the hash and \n"; |
193 |
echo "must be included when copying and pasting.</p>\n"; |
194 |
$style->static_page_hrule_std(); |
195 |
do_form("Click To Generate Another Hashed Password"); |
196 |
} |
197 |
|
198 |
//Now do the footer unconditionally. The footer is always used on this web page. |
199 |
do_footer($style); |
200 |
?> |